You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. This is especially true if you are receiving help from a member of the Malware Response Team (MRT). Certain embedded files that are part of these specialized fix tools may at times be detected by your anti-virus or anti-malware scanner as a "RiskTool", "Hacking tool", "Potentially unwanted tool", a virus or a "Trojan" when that is not the case.

These tools have been carefully created and tested by security experts so if your anti-virus or anti-malware program flags them as malware, the detection is what's known as a "False Positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have "unpredictable results" and unintentional results.

To avoid any problems while using a specialized tool it is very important that you temporarily disable your anti-virus and/or anti-malware programs before using them or when instructed by a member of the Malware Response Team. You can re-enable these programs after the malware removal process has been completed.

Many folks may not be sure how to do this so the BC Staff has created a list of common anti-virus programs and the relevant steps to disable their Real-time protection capabilities. When your system has been cleaned or when advised by your helper, it is important that you re-enable your security programs to avoid re-infection. A special thanks to Yourhighness for the diligent effort in compiling this list.

How to Temporarily Disable your Anti-virus

AVASTRight-click on the avast! icon in system tray (looks like this: but orange in color starting with v5). Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.

Unfortunately the system tray icon does not change, so if you want to double-check whether or not you successfully disabled the Firewall, do the above steps again and look for "Enable CA Personal Firewall." If this is the case, then you successfully disabled the CA Personal Firewall Guard.

Comodo Firewall Pro (free Personal)

Right-click the system tray icon.

Select Exit.

On the Pop up window, Click the Yes button.

You successfully disabled Comodo Firewall.

F-Secure Internet Security SuitePlease navigate to the system tray on the bottom right hand corner and look for a blue sign.

Right click it-> select Unload.

Select: "Unload and allow all network traffic"

Select Unload to confirm deactivation of F-Secure Internet Security

You will be asked to enter your Parental Control Password. Please enter it and click "OK."

The F-Secure sign should now be surrounded by a red striked through circle (looking like this: )

You successfully disabled the F-Secure Guard.

Jetico Personal FirewallPlease navigate to the system tray on the bottom right hand corner and look for this sign (the arrows could also be filled with green color instead of grey, indicating that the Firewall currently detects traffic).

Right click it->click on the option Shutdown Firewall.

You successfully disabled the Jetico Personal Firewall Guard.

Kaspersky Internet SuitePlease navigate to the system tray on the bottom right hand corner and look for a sign.

Right click it-> select Pause Protection.

Click on -> By User Request

A popup will claim that protection is now disabled and a sign like this: will now be shown.

You successfully disabled the Kaspersky Internet Suite Guard.

Lavasoft Personal FirewallPlease navigate to the system tray on the bottom right hand corner and look for either one of the following three (the sign varies depending on the settings you chose on your PC) / / signs.

Right click it-> select Exit.

You will be confronted with a popup saying that you are no longer protected and will disable the Firewall. Click on "Yes."

Norton decided to install in German for me, although it never asked. According to the help file, you can also do it the following way (translated into English):

Please open Norton Internet Security Center by clicking the system tray icon and chosing the appropriate option.

Now click on the tab "Norton Internet Security" and click on "Settings."

Click the Internet Usage option "Personal Firewall."

Click "deactivate"

After a tortorous and never seeming to end install of this crapware, I would appreciate if you either agree to use the first option, or to double check for me. I am not really fond of tricking Norton to think I am not a silly German and allowing me to download a proper installer....

Agnitum Outpost Firewall ProPlease navigate to the system tray on the bottom right hand corner and look for either one of the following three (the sign varies depending on the settings you chose on your PC) / / signs.

Right click it-> select "Firewall Policy...".

Chose "Disable."

You will now see a sign like this in the systemtray.

You successfully disabled the Agnitum Outpost Firewall Pro Guard.

Panda Internet Security SuitePlease navigate to the system tray on the bottom right hand corner and look for a sign that looks like a Pandabear head.

Right click it-> select "Close automatic protection.".

A message will pop up and warn you about disabling the protection. Chose "Yes."

The above sign in the systemtray will now disapear.

You successfully disabled the Panda Internet Security Guard.

PC Tools Firewall PlusPlease navigate to the system tray on the bottom right hand corner and look for this sign

Right click it->click on the option Disable Firewall.

You should now see a sign like this:

You successfully disabled the PC Tools Firewall Plus Guard.

Radialpoint Security ServicesPlease navigate to the system tray on the bottom right hand corner and look for the following sign.

Right click it-> select "Exit.".

A message will pop up and warn you about disabling the protection. Chose "Yes."

The above sign in the systemtray will now disapear.

You successfully disabled the Radialpoint Security Services Guard.

Sygate Personal FirewallPlease navigate to the system tray on the bottom right hand corner and look for the following sign.

Right click it-> select "Exit Firewall".

A message will pop up and warn you about disabling the protection. Chose "Yes."

Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

COMODO BO CLEAN

Right-click the system tray icon.

Select Shut down BO Clean button.

Restarts on reboot or open from Program Menu.

COUNTERSPY

Right-click on the running CounterSpy icon in the sytem tray.

Hover your mouse over "Active protection".

A menu will slide out and then you need to left click on "Disable Active Protection".

Disabling CS Active Protection should cause the systray icon to turn orange/red and hovering your mousing over the icon will then state "Active protection is disabled".

(When we are done, re-enable Counterspy by launching the program from Start > Programs, click on the Active Protection. It will either say Active Protection enabled or disabled. On the right side, you can select each of the tasks (scroll down to see all of them) individually, then either enable or disable them on the bottom right, individually. If you have a problem doing that then click on help, choose run setup wizard, click next 2 times, make sure automatic updates is set to yes, click next, make sure enable active protection is set to yes, click next, then click finish, then exit. Then open CounterSpy to make sure that the active protection has been enabled.)

If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.

Exit Spybot S&D when done and reboot your computer.(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

SPY SWEEPER version 4

Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".

On the left click "shields" and then uncheck everything there.

Uncheck "home page shield".

Uncheck "automatically restore default without notification".

Exit the program and reboot for the changes to take affect.

(When we are done, you can re-enable it using the same steps but this time reverse them.)

SPY SWEEPER version 5

Open SpySweeper and click Shield Settings on the right (or Shields on the left, depending what screen you're on).

Click Internet Explorer and uncheck all items.

Click Windows System and uncheck all items.

Click Hosts File and uncheck all items.

Click Startup Programs and uncheck all items.

Exit the program.

SPYWARE DOCTOR

Click the Spyware Doctor icon in the System Tray.

Click Settings.

Click Startup Settings under Pick a Category.

Uncheck "Run at Windows startup".

Click Apply and Exit Spyware Doctor.

From within Spyware Doctor, click the "OnGuard" button on the left side.

Uncheck "Activate OnGuard".

(When we are done, you can reenable Spyware Doctor)

SPYWARE GUARD

Right click the running icon of Spywareguard in the system tray to open the program.

Hi, nutnworks referred me to your instructions for disabling anti-malware so that I could run a utility of theirs. The instructions say that I should disable Norton via the system tray. But in my case, the malware has disabled my system tray. Do you know another way to disable Norton?

Hello,I have McAfee SecurityCenter running, and I have no idea how to disable it.There is no "Exit" when I right click on the icon in the taskbar.

Double-click the taskbar icon to open the Security CenterClick Advanced Menu (lower left)Click Configure (left)Click Computer & Files (upper left)VirusScan can be disabled on the right.

Do the same via Internet & Network for Firewall Plus.

Edited by garmanma, 14 March 2010 - 03:35 PM.

Markwhy won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time aroundDo not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefitsBecome a BleepingComputer fan: Facebook and Twitter

NORTON ANTIVIRUSPlease navigate to the system tray on the bottom right hand corner and look for a sign.

* right-click it -> chose "Disable Auto-Protect." * select a duration of 5 hours (this assures no interference with the cleanup of your pc) * click "Ok." * a popup will warn that protection will now be disabled and the sign will now look like this:

Edited by garmanma, 09 January 2009 - 08:39 PM.

Markwhy won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time aroundDo not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefitsBecome a BleepingComputer fan: Facebook and Twitter

I have AVG 8. I disabled the resident sheild... but my anti-virus and anti-spyware still has the green active checkmark next to it, is this ok to run combofix or am I suppose to disable that too some how? I can't seem to figure out how to disable it separately, there's no option.